Refactoring by jonasbg · Pull Request #60 · jonasbg/picoblog

jonasbg · 2024-06-09T18:34:09Z

No description provided.

+
+          if (System.IO.File.Exists(synologyPath)) {
+              path = synologyPath;
+              _logger.LogDebug("Synology file exists. Updated path to: {0}", path);


To fix the problem, we need to sanitize the user input before logging it. Since the log entries are plain text, we should remove any newline characters from the user input to prevent log forgery. We can use the String.Replace method to achieve this.

Specifically, we need to sanitize the path variable before logging it on line 63. We will replace any newline characters in the path variable with an empty string.

-        if (!System.IO.File.Exists(path)){
-          _logger.LogWarning("File does not exist after toggling case of extension: {0}", path);
+      if (!System.IO.File.Exists(path)) {
+          _logger.LogWarning("File does not exist at path: {0}", path);


To fix the problem, we need to sanitize the user input before logging it. Since the log entries are plain text, we should remove any new line characters from the user input to prevent log forging. This can be done using the String.Replace method to replace new line characters with an empty string. We will apply this sanitization to the path variable before it is logged.

-          return result;
-        }
+  private async Task<string> ResizeIfNeeded(string path) {
+      _logger.LogDebug("Checking if resize is needed for path: {0}", path);


To fix the problem, we need to sanitize the user input before logging it. Since the log entries are plain text, we should remove any newline characters from the user input to prevent log forging. This can be done using the String.Replace method to replace newline characters with an empty string. We will apply this sanitization to the path variable before it is logged.

+              }
+          }
+      } catch (Exception e) {
+          _logger.LogError(e, "Error resizing file: {0}", path);


To fix the problem, we need to sanitize the user input before logging it. Since the log entries are plain text, we should remove any newline characters from the user input to prevent log forging. This can be done using the String.Replace method to replace newline characters with an empty string. We will apply this sanitization to the path variable before it is used in any log entries.

jonasbg added 9 commits January 6, 2024 16:01

fix(post): removed extension toggling.

a1ed75a

Wrong usage

e1becde

bug(post): rewrite image fetch logic

b59e131

bug(post): rewrite image fetch logic

096f650

bug(post): rewrite image fetch logic

925a236

bug(post): rewrite image fetch logic

c09784b

possible loginfix error

b908f7d

Spring cleaning

a1ae8e2

Merge branch 'main' into refactoring

6885bb2

github-advanced-security AI found potential problems Feb 11, 2025

View reviewed changes

@@ -62,3 +62,4 @@
                           path = synologyPath;
-                          _logger.LogDebug("Synology file exists. Updated path to: {0}", path);
+                          var sanitizedPath = path.Replace(Environment.NewLine, "").Replace("\n", "").Replace("\r", "");
+                          _logger.LogDebug("Synology file exists. Updated path to: {0}", sanitizedPath);
                           return await ReturnFileResponse(path);

@@ -68,3 +68,4 @@
                   if (!System.IO.File.Exists(path)) {
-                      _logger.LogWarning("File does not exist at path: {0}", path);
+                      var sanitizedPath = path.Replace(Environment.NewLine, "").Replace("\n", "").Replace("\r", "");
+                      _logger.LogWarning("File does not exist at path: {0}", sanitizedPath);
                       return NotFound();

@@ -62,3 +62,3 @@
                           path = synologyPath;
-                          _logger.LogDebug("Synology file exists. Updated path to: {0}", path);
+                          _logger.LogDebug("Synology file exists. Updated path to: {0}", path.Replace(Environment.NewLine, "").Replace("\n", "").Replace("\r", ""));
                           return await ReturnFileResponse(path);
@@ -68,3 +68,3 @@
                   if (!System.IO.File.Exists(path)) {
-                      _logger.LogWarning("File does not exist at path: {0}", path);
+                      _logger.LogWarning("File does not exist at path: {0}", path.Replace(Environment.NewLine, "").Replace("\n", "").Replace("\r", ""));
                       return NotFound();
@@ -94,3 +94,3 @@
               private async Task<string> ResizeIfNeeded(string path) {
-                  _logger.LogDebug("Checking if resize is needed for path: {0}", path);
+                  _logger.LogDebug("Checking if resize is needed for path: {0}", path.Replace(Environment.NewLine, "").Replace("\n", "").Replace("\r", ""));
                   var resizedPath = $"{Config.ConfigDir}/resized{path}";
@@ -120,3 +120,3 @@
                   } catch (Exception e) {
-                      _logger.LogError(e, "Error resizing file: {0}", path);
+                      _logger.LogError(e, "Error resizing file: {0}", path.Replace(Environment.NewLine, "").Replace("\n", "").Replace("\r", ""));
                   }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Refactoring#60

Refactoring#60
jonasbg wants to merge 9 commits intomainfrom
refactoring

jonasbg commented Jun 9, 2024

Uh oh!

Check failure

Copilot Autofix

Check failure

Copilot Autofix

Check failure

Copilot Autofix

Check failure

Copilot Autofix

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

jonasbg commented Jun 9, 2024

Uh oh!

Check failure

Copilot Autofix

Check failure

Copilot Autofix

Check failure

Copilot Autofix

Check failure

Copilot Autofix

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants